package com.demo.paypalmanagement.config;

import com.demo.paypalmanagement.handler.CustomAuthenticationFailureHandler;
import com.demo.paypalmanagement.handler.CustomAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public BCryptPasswordEncoder bCryptPasswordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Autowired
  private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
  @Autowired
  private CustomAuthenticationFailureHandler customAuthenticationFailureHandler;

  public static void main(String[] args) {
    //加密策略 MD5 不安全 彩虹表  MD5 加盐
    String mszlu = new BCryptPasswordEncoder().encode("123456");
    System.out.println(mszlu);
  }

  @Override
  public void configure(WebSecurity web) throws Exception {
    super.configure(web);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests() //开启登录认证
            .antMatchers("/admin/main.html","/admin/file.html","/admin/users.html").not().hasRole("USER")
            .antMatchers("/admin/**","/users/**").hasRole("ADMIN") //访问接口需要admin的角色
            .antMatchers("/","/index.html","/css/**","/img/**","/js/**","/plugins/**","/register","/register.html", "/upload/**","/retrieve-password.html","/register/retrieve").permitAll()
            //.antMatchers("/api/**").access("@authService.auth(request,authentication)") //自定义service 来去实现实时的权限认证
            .antMatchers("/pay-success.html","/my-orders.html","/order-confirm.html").permitAll() //临时放开
            .antMatchers("/order-confirm.html","/order/**","/admin/main.html","/admin/file.html","/admin/users.html").authenticated()//需要认证
            .antMatchers("/com/checkLogin","/com/captcha/generate","/com/captcha/retrieve").permitAll()
            .antMatchers("/order/**","/admin/main.html","/admin/file.html","/admin/users.html").authenticated()//需要认证
            .antMatchers("/com/products/page").permitAll()
            .antMatchers("/com/**").authenticated()
            .anyRequest().authenticated()  // 其他请求需要认证
            .and().formLogin()
            .loginPage("/login.html") //自定义的登录页面
            .loginProcessingUrl("/login") //登录处理接口
            .successHandler(customAuthenticationSuccessHandler) // 使用自定义的成功处理器
            .failureHandler(customAuthenticationFailureHandler)
            .usernameParameter("username") //定义登录时的用户名的key 默认为username
            .passwordParameter("password") //定义登录时的密码key，默认是password
//            .defaultSuccessUrl("/admin/main.html")
            //.failureUrl("/login.html")
            .permitAll() //通过 不拦截，更加前面配的路径决定，这是指和登录表单相关的接口 都通过
            .and().logout() //退出登录配置
            .logoutUrl("/logout") //退出登录接口
            .logoutSuccessUrl("/login.html")
            .permitAll() //退出登录的接口放行
            .and()
            .httpBasic()
            .and()
            .csrf().disable() //csrf关闭 如果自定义登录 需要关闭
            .headers().frameOptions().sameOrigin();// 支持iframe页面嵌套


  }
}
